Google has announced that pKVM (protected KVM), the hypervisor powering Android's Virtualization Framework, has achieved SESIP Level 5 certification — the first software security system for large-scale consumer electronics deployment to reach this bar. The certification was conducted by Dekra against the TrustCB SESIP scheme, compliant with EN-17927, and incorporates AVA_VAN.5, the highest vulnerability analysis and penetration testing level under ISO 15408 (Common Criteria). This means pKVM has been evaluated as resistant to highly skilled, well-funded attackers with potential insider access. The achievement positions Android to securely support high-criticality isolated workloads, including on-device AI processing sensitive personal data. Going forward, Android device manufacturers will be required to use isolation technology meeting this security level, providing a consistent open-source firmware base for the entire ecosystem.
Sort: